coalfire audit script
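#!/bin/sh
#
#set -x
#set -v
#
# This was rewritten in /bin/sh since bash is not readily available
# everywhere. /bin/sh is available on all *NIX systems.
#
#####################################################################
# PCI data gathering script for Coalfire Systems, Inc.
#
# Collects configuration evidence from a Debian/Ubuntu host into a set
# of text files under a temporary folder, then archives them into the
# invoking user's home directory. Must run as root: several of the
# sources it reads (/etc/shadow, /etc/sudoers, user crontabs) are not
# readable by anyone else.
#####################################################################
clear
echo "PCI DSS Linux Audit Script by Coalfire"
echo "For use on Debian/Ubuntu"
echo "Version 2.0"
echo
#####################################################################
# Check to see if we are root. If not, bail.
#####################################################################
if [ "$(id -u)" -ne 0 ]
then
  echo "ERROR: Only root can run this script. (exiting)" >&2
  # Non-zero status so a wrapper or scheduler can tell the run failed
  # (the old bare "exit" reported success).
  exit 1
fi
# Load the default profile, in case someone ran this with dash. This
# also makes a TMOUT value set in /etc/profile visible to the
# console-timeout check further down.
. /etc/profile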
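#####################################################################
# what OS? - helpful for paths and commands
#####################################################################
# /etc/os-release is shell syntax; sourcing it sets NAME and VERSION_ID
# directly (already unquoted), so no grep/awk/sed parsing is needed.
if [ -r /etc/os-release ]
then
  . /etc/os-release
fi
CUROS="${NAME:-}"
# Validate (quoted: an unquoted multi-word NAME broke the old test).
if [ -z "$CUROS" ]
then
  echo "ERROR: This script only supports Debian/Ubuntu. (exiting)" >&2
  exit 1
fi
case "$CUROS" in
  # Debian's NAME is "Debian GNU/Linux", so an exact "Debian" match
  # rejected real Debian hosts; match on the prefix instead.
  Debian*|Ubuntu*)
    myBan="cat /etc/issue"
    myPci="/usr/bin/lspci"
    # runlevel command only exists in GNU/Linux, and may be missing on
    # systemd-only hosts; tolerate that and leave the value empty.
    CURRUNLEVEL=$(runlevel 2>/dev/null | awk '{print $2}')
    myVer="${VERSION_ID:-unknown}"
    ;;
  *)
    echo "ERROR: This script only supports Debian/Ubuntu. (exiting)" >&2
    exit 1
    ;;
esac
echo "Identified OS as $CUROS."
# Plain blank line; the old echo '\r' emitted a bare carriage return
# under dash and a literal "\r" under bash.
echo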
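#####################################################################
# datastore setup
#####################################################################
CURHOSTNAME=$(hostname)
# The collected files include /etc/shadow hashes and sudoers content,
# so everything this script creates must be readable by root only.
umask 077
echo
echo "Making folder for output files..."
# mktemp creates the directory atomically with mode 0700 and a random
# suffix, so a pre-existing entry under the old fixed /tmp name (for
# example a symlink left by another local user) can never be reused.
OUTFOLDER=$(mktemp -d "/tmp/${CURHOSTNAME}-pci-script-output.XXXXXX") || OUTFOLDER=""
if [ -z "$OUTFOLDER" ] || [ ! -d "$OUTFOLDER" ]
then
  echo "Failed to create collection area. (Exiting)." >&2
  exit 1
fi
cd "$OUTFOLDER" || { echo "Failed to enter $OUTFOLDER. (Exiting)." >&2; exit 1; }
#####################################################################
# datastore function
#####################################################################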
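#######################################
# Create (or select) the output file for the section that follows.
# Globals:   OUTFOLDER (read), OUTFILE (written) - the sections that
#            follow append to $OUTFILE until datastore is called again.
# Arguments: $1 - file name, relative to $OUTFOLDER
# Returns:   0 on success; exits the script with status 1 when the
#            file cannot be created.
#######################################
datastore () {
  OUTFILE="$OUTFOLDER/$1"
  # Quoted: a folder or file name containing whitespace used to be
  # split into several arguments here and in the test below.
  touch -- "$OUTFILE"
  if [ ! -f "$OUTFILE" ]
  then
    echo "Failed to create the collection datastore. (Exiting)." >&2
    exit 1
  fi
}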
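#####################################################################
# 01_SystemInfo.txt creation
#####################################################################
datastore "01_SystemInfo_6.2.b.txt"
echo
echo "Collecting basic system information..."
echo "*** This OS Version is: $myVer ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
echo >> "$OUTFILE"
echo >> "$OUTFILE"
echo "*** Output of the command: $myBan ***" >> "$OUTFILE"
# myBan holds a command line ("cat /etc/issue"), so the unquoted
# word-splitting here is intentional.
$myBan >> "$OUTFILE" 2>&1
echo >> "$OUTFILE"
echo "*** Output of the command: uname -a ***" >> "$OUTFILE"
echo >> "$OUTFILE"
uname -a >> "$OUTFILE"
# This will help us figure out if this is a virtual machine.
echo >> "$OUTFILE"
echo "Getting device information..."
echo >> "$OUTFILE"
echo "*** Output of the command: $myPci ***" >> "$OUTFILE"
if [ -x "$myPci" ]
then
  "$myPci" >> "$OUTFILE" 2>&1
else
  # pciutils is not part of a minimal install; record that instead of
  # leaving an unexplained empty section.
  echo ">>> $myPci not found (pciutils not installed?)" >> "$OUTFILE"
fi
#####################################################################
# 02_IPInfo.txt creation
#####################################################################
datastore "02_IPInfo_Services_2.2.txt"
echo
echo "Getting IP address information..."
# net-tools (ifconfig/netstat) is no longer installed by default on
# Debian/Ubuntu; fall back to the iproute2 equivalents when missing so
# the section does not come out empty.
if command -v ifconfig >/dev/null 2>&1
then
  addrCmd="ifconfig -a"
else
  addrCmd="ip addr show"
fi
echo "*** Output of the command: $addrCmd ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
$addrCmd >> "$OUTFILE" 2>&1
echo
echo "Getting routing information..."
if command -v netstat >/dev/null 2>&1
then
  routeCmd="netstat -rn"
else
  routeCmd="ip route show"
fi
echo "*** Output of the command: $routeCmd ***" >> "$OUTFILE"
$routeCmd >> "$OUTFILE" 2>&1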
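#####################################################################
# Section 03: LocalUsers.txt creation
#####################################################################
datastore "03_LocalUsers_8.1.txt"
echo
echo "Getting Local Users..."
# Label names the file actually read (/etc/passwd, not "/etc/password")
# so the evidence header matches the command.
echo "*** Output of the command: cat /etc/passwd ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
cat /etc/passwd >> "$OUTFILE"
echo >> "$OUTFILE"
echo >> "$OUTFILE"
# /etc/shadow carries the password hashes; this is why the output
# folder and the final archive must stay readable by root only.
echo "*** Output of the command: cat /etc/shadow ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
cat /etc/shadow >> "$OUTFILE"
#####################################################################
# 03_LocalUserLastLogin.txt creation
#####################################################################
datastore "03_LocalUserLastLogin.txt"
echo "Getting local user last login on TTYs..."
# Note that this won't show anyone that logged in via Gnome.
echo "*** Output of the command: lastlog" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
lastlog >> "$OUTFILE" 2>&1
echo "" >> "$OUTFILE"
echo "Getting all last login info..."
echo "*** Output of the command: last" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
last >> "$OUTFILE" 2>&1
#####################################################################
# 03_LocalGroups.txt creation
#####################################################################
datastore "03_LocalGroups_8.1.txt"
echo "Getting local groups..."
echo "*** Output of the command: cat /etc/group" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
cat /etc/group >> "$OUTFILE"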
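#####################################################################
# 04_SNMPStrings.txt creation
#####################################################################
datastore "04_SNMPStrings_1.1.6_2.1_8.2.1.txt"
echo
echo "Getting SNMP community string (if exists)..."
if [ -e /etc/snmp/snmpd.conf ]
then
  echo "*** Output of the command: egrep -v '\#|^$' /etc/snmp/snmpd.conf ***" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  # Pattern now matches the label: the old "\|^$" had no '#'
  # alternative, so commented-out lines were never filtered.
  egrep -v "\#|^$" /etc/snmp/snmpd.conf >> "$OUTFILE" 2>&1
else
  echo "/etc/snmp/snmpd.conf not found." >> "$OUTFILE"
fi
#####################################################################
# 05_CoreDump.txt creation
#####################################################################
datastore "05_CoreDump_2.2.txt"
echo
echo "Checking if core dumps are enabled ..."
# Label describes exactly what runs below (there is no awk stage), and
# single quotes stop the shell from expanding $1 inside it.
echo '*** Output of the command: grep -v "^#" /etc/security/limits.conf | grep core ***' >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
grep -v "^#" /etc/security/limits.conf | grep core >> "$OUTFILE"
# Fragments in limits.d are read after limits.conf and can override
# it, so a core limit may live there instead.
if [ -d /etc/security/limits.d ]
then
  for file in /etc/security/limits.d/*
  do
    [ -f "$file" ] || continue
    echo ">>>>>core settings in $file:" >> "$OUTFILE"
    grep -v "^#" "$file" | grep core >> "$OUTFILE"
  done
fi
#####################################################################
# 05_SysCtl.txt creation
#####################################################################
datastore "05_SysCtl.txt"
echo
echo "Getting sysctl info..."
# This will let us look for things like "net.ipv4.ip_forward=1" if IP forwarding is enabled.
echo "*** Output of the command: egrep -v '\#|^$' /etc/sysctl.conf ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /etc/sysctl.conf ]
then
  egrep -v "\#|^$" /etc/sysctl.conf >> "$OUTFILE" 2>&1
  # egrep exits 1 when no line was selected (2 on a real error).
  if [ "$?" -eq 1 ]
  then
    echo ">>>No uncommented lines in /etc/sysctl.conf" >> "$OUTFILE"
  fi
else
  echo ">>>/etc/sysctl.conf not found." >> "$OUTFILE"
fi
# GNU/Linux hosts also have a /etc/sysctl.d directory, but FreeBSD does not.
echo ">>>Checking for /etc/sysctl.d" >> "$OUTFILE"
if [ -d /etc/sysctl.d ]
then
  echo ">>>>>Found /etc/sysctl.d. Checking..."
  # Iterate with full paths: the script has cd'd into $OUTFOLDER, so
  # the bare names from `ls` were looked up in the wrong directory and
  # every file was reported as missing.
  for file in /etc/sysctl.d/*
  do
    # Entries may be symlinks (e.g. to ../sysctl.conf); -f follows them
    # and also skips the unmatched-glob literal.
    [ -f "$file" ] || continue
    echo ">>>>>Contents of $file:" >> "$OUTFILE"
    egrep -v "\#|^$" "$file" >> "$OUTFILE" 2>&1
    if [ "$?" -eq 1 ]
    then
      echo ">>>>>No uncommented lines in $file" >> "$OUTFILE"
    fi
  done
else
  echo ">>>/etc/sysctl.d not found." >> "$OUTFILE"
fi
# The files show intent; the running kernel value is what matters.
echo >> "$OUTFILE"
echo "*** Output of the command: sysctl net.ipv4.ip_forward ***" >> "$OUTFILE"
sysctl net.ipv4.ip_forward >> "$OUTFILE" 2>&1
#####################################################################
# 05_LoginDefs.txt creation
#####################################################################
datastore "05_LoginDefs_8.1.5-8.2.txt"
echo
echo "Getting logindefs file..."
# This will let us look for things like "ENCRYPT_METHOD SHA512" for stronger password hashes.
# Note that things like LOGIN_RETRIES usually get overridden by PAM modules.
echo "*** Output of the command: egrep -v '\#|^$' /etc/login.defs ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
egrep -v "\#|^$" /etc/login.defs >> "$OUTFILE" 2>&1
if [ "$?" -eq 1 ]
then
  echo ">>>No uncommented lines in /etc/login.defs" >> "$OUTFILE"
fi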
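#####################################################################
# 06_InstalledProgramGroups.txt creation
#####################################################################
datastore "06_InstalledProgramGroups.txt"
echo "*** Debian and Ubuntu use APT which doesn't support package groups ***" >> "$OUTFILE"
#####################################################################
# 06_AllInstalledPackages.txt creation
#####################################################################
datastore "06_AllInstalledPackages_6.2.b.txt"
echo
echo "Getting all installed packages (this may take a while)..."
# Label fixed ("dpkg", not "dkpg") to match the command that runs.
echo "*** Output of the command: 'dpkg --list'" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
dpkg --list >> "$OUTFILE" 2>&1
#####################################################################
# 08_RunningProcesses.txt creation
#####################################################################
datastore "08_RunningProcesses_2.2.txt"
echo
echo "Getting running processes..."
# Write to $OUTFILE (the datastore just created); the old code wrote a
# second, differently named file and left 08_RunningProcesses_2.2.txt
# empty in the archive.
echo "*** Output of the command: ps -e --format comm,pid,ppid,command" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
ps -e --format comm,pid,ppid,command >> "$OUTFILE"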
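#####################################################################
# 09_Daemons.txt creation
#####################################################################
datastore "09_Daemons_2.2.x.txt"
echo
echo "Getting startup daemons..."
# Newer Debian/Ubuntu releases boot with systemd rather than Upstart;
# /run/systemd/system exists only when systemd is PID 1, so use that
# to pick the listing command instead of assuming initctl.
if [ -d /run/systemd/system ]
then
  echo "*** Output of the command: 'systemctl list-units --type=service --state=running --no-pager' ***" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  systemctl list-units --type=service --state=running --no-pager >> "$OUTFILE" 2>&1
elif command -v initctl >/dev/null 2>&1
then
  # Single-quoted awk program inside the label; \$1 keeps it literal.
  echo "*** Output of the command: 'initctl list | grep running | awk '{print \$1}' | sort' ***" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  initctl list 2>&1 | grep running | awk '{print $1}' | sort >> "$OUTFILE"
else
  echo ">>> Neither systemd nor Upstart (initctl) found; cannot list running daemons." >> "$OUTFILE"
fi
#####################################################################
# 09_StartupScripts.txt creation
#####################################################################
datastore "09_StartupScripts_2.2.txt"
echo
echo "Getting startup scripts..."
# Single quotes keep $f literal in the label instead of expanding it.
echo '*** Output of the command: for f in /etc/init.d/*; do echo $f; done | egrep -v README | sort' >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
echo "*** NOTE: Current Runlevel is: $CURRUNLEVEL" >> "$OUTFILE"
# Let the shell glob (already sorted) instead of parsing `ls`; skip the
# unmatched-glob literal and the README entry.
for f in /etc/init.d/*
do
  [ -e "$f" ] || continue
  case "$f" in
    *README*) continue ;;
  esac
  echo "$f" >> "$OUTFILE"
done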
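#####################################################################
# 09_RCLocal.txt creation
#####################################################################
datastore "09_RCLocal.txt"
echo
echo "Getting rc.local file..."
# Label now shows the pattern that actually runs ("^#|^$").
echo "*** Output of the command: egrep -v '^#|^$' /etc/rc.local ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /etc/rc.local ]
then
  # Run egrep once; exit status 1 means every line was a comment or
  # blank (the old code ran it twice, first to /dev/null).
  egrep -v "^#|^$" /etc/rc.local >> "$OUTFILE" 2>&1
  if [ "$?" -eq 1 ]
  then
    echo "There are no uncommented lines in /etc/rc.local" >> "$OUTFILE"
  fi
else
  # Record the absence in the evidence file, not only on the console.
  echo "There is no rc.local to check." >> "$OUTFILE"
fi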
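#####################################################################
# 09_UserCronJobs.txt creation
#####################################################################
datastore "09_UserCronJobs_2.2.txt"
echo
echo "Getting user cron jobs..."
# Single quotes keep the label literal (the old escaping produced
# "$\user" and "$\(" in the evidence file).
echo '*** Output of the command: for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done' >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
echo "User cron jobs: (none if empty)" >> "$OUTFILE"
# Read the names straight from /etc/passwd and label each crontab with
# its owner; the old loop concatenated crontabs with no indication of
# which account each belonged to. crontab -l exits non-zero (with a
# message on stderr) when a user has no crontab, so that case is
# skipped and only real jobs land in the evidence file.
while IFS=: read -r user rest
do
  [ -n "$user" ] || continue
  if cronlines=$(crontab -u "$user" -l 2>/dev/null)
  then
    echo "***** crontab for $user *****" >> "$OUTFILE"
    printf '%s\n' "$cronlines" >> "$OUTFILE"
  fi
done < /etc/passwd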
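#####################################################################
# 09_SystemCronJobs.txt creation
#
# Only relevant on RedHat, CentOS, Debian, and Ubuntu
#####################################################################
datastore "09_SystemCronJobs_2.2.txt"
echo
echo "Getting system cron jobs..."
# The OS check at the top already limits us to Debian/Ubuntu, so the
# old SunOS/FreeBSD branch could never run and has been dropped.
echo "*** Output of the command: egrep -v '\#|^$' \$f for /etc/crontab and each file in /etc/cron.* ***" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
# /etc/crontab is the system crontab itself and is not matched by the
# /etc/cron.*/* glob, so it is listed explicitly.
for f in /etc/crontab /etc/cron.*/*
do
  # Skip the unmatched-glob literal and anything that is not a file.
  [ -f "$f" ] || continue
  echo >> "$OUTFILE"
  echo "***** Contents of file $f: *****" >> "$OUTFILE"
  egrep -v "\#|^$" "$f" >> "$OUTFILE" 2>&1
done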
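#####################################################################
# 10_ListeningPorts.txt creation
#####################################################################
datastore "10_ListeningPorts_2.2.txt"
echo
echo "Getting open ports..."
# netstat (net-tools) is not installed by default on current
# Debian/Ubuntu; ss from iproute2 gives the equivalent listing.
if command -v netstat >/dev/null 2>&1
then
  portCmd="netstat --all --tcp --udp --numeric --program --listening"
else
  portCmd="ss -tulpn"
fi
echo "*** Output of the command: $portCmd" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
$portCmd >> "$OUTFILE" 2>&1
#####################################################################
# 11_PatchHistory.txt creation
#####################################################################
datastore "11_PatchHistory_6.2.b.txt"
echo
echo "Getting installed patches..."
echo "*** Output of the command: tail -n 2000 /var/log/apt/history.log" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /var/log/apt/history.log ]
then
  tail -n 2000 /var/log/apt/history.log >> "$OUTFILE"
  # Rotated copies (history.log.1, history.log.*.gz) are not read, so
  # say so rather than let the reviewer assume a complete history.
  echo ">>> Note: only the current history.log is shown; rotated copies in /var/log/apt are not included." >> "$OUTFILE"
else
  echo ">>> /var/log/apt/history.log not found." >> "$OUTFILE"
fi
#####################################################################
# 11_RepositorySources.txt creation
#####################################################################
datastore "11_RepositorySources.txt"
echo
echo "Getting repository sources..."
echo "*** Output of the command: egrep -v '\#|^$' /etc/apt/sources.list (and /etc/apt/sources.list.d/*)" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /etc/apt/sources.list ]
then
  egrep -v "\#|^$" /etc/apt/sources.list >> "$OUTFILE" 2>&1
else
  echo ">>> /etc/apt/sources.list not found." >> "$OUTFILE"
fi
# Third-party repositories (PPAs and vendor repos) are normally added
# under sources.list.d, so the list was incomplete without them.
for f in /etc/apt/sources.list.d/*
do
  [ -f "$f" ] || continue
  echo >> "$OUTFILE"
  echo "***** Contents of file $f: *****" >> "$OUTFILE"
  egrep -v "\#|^$" "$f" >> "$OUTFILE" 2>&1
done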
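#####################################################################
# 12_LocalAdmins.txt creation
#####################################################################
datastore "12_LocalAdmins_8.1.txt"
echo
echo "Getting sudoers configuration..."
echo "*** Output of the command: egrep -v '\#|^$' /etc/sudoers (and /etc/sudoers.d/*)" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
egrep -v "\#|^$" /etc/sudoers >> "$OUTFILE" 2>&1
# The stock Debian/Ubuntu sudoers includes /etc/sudoers.d, and that is
# where admin grants are commonly placed; the admin list is incomplete
# without those files.
if [ -d /etc/sudoers.d ]
then
  for f in /etc/sudoers.d/*
  do
    [ -f "$f" ] || continue
    echo >> "$OUTFILE"
    echo "***** Contents of file $f: *****" >> "$OUTFILE"
    egrep -v "\#|^$" "$f" >> "$OUTFILE" 2>&1
  done
fi
#####################################################################
# 12_LocalAdminsExpanded.txt creation
#####################################################################
datastore "12_LocalAdminsExpanded_8.1.txt"
sudoConf="/etc/sudoers"
# If they are using sudoers groups, then get those groups' membership.
# Group entries are prefixed with '%' in sudoers and sudoers.d alike.
SUDOGROUPS=$(cat "$sudoConf" /etc/sudoers.d/* 2>/dev/null | egrep -v '\#|^$' | grep % | awk '{print $1}' | sed 's/%//g' | sort -u)
if [ -n "$SUDOGROUPS" ]
then
  echo "Getting sudoer group members..."
  # Membership lives in /etc/group, not in sudoers: the old lookup
  # grepped "^<group>" in /etc/sudoers, which cannot match because those
  # lines begin with '%', so this file always came out empty.
  echo "*** Output of the command: grep '^{groupnamefromsudoers}:' /etc/group" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  for grp in $SUDOGROUPS
  do
    grep "^$grp:" /etc/group >> "$OUTFILE"
  done
  # Get root group members; root doesn't have a % in sudoers.
  grep "^root:" /etc/group >> "$OUTFILE"
fi
#####################################################################
# 12_LocalID0.txt creation
#####################################################################
datastore "12_LocalID0.txt"
echo
echo "Getting users with ID 0..."
# Compare the UID field itself rather than grepping ':x:0:', which
# misses accounts whose password field is not 'x'.
echo "*** Output of the command: awk -F: '\$3 == 0' /etc/passwd" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
awk -F: '$3 == 0' /etc/passwd >> "$OUTFILE"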
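#####################################################################
# 13_SSHSettings.txt creation
#####################################################################
datastore "13_SSHSettings_1.1.6_2.3_8.2.1.txt"
echo
echo "Getting ssh configuration..."
# One loop over the candidate paths replaces the duplicated if/elif.
sshdConf=""
for candidate in /etc/ssh/sshd_config /usr/local/etc/ssh/sshd_config
do
  if [ -e "$candidate" ]
  then
    sshdConf="$candidate"
    break
  fi
done
if [ -n "$sshdConf" ]
then
  echo "*** Output of the command: egrep -v '\#|^$' $sshdConf" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" "$sshdConf" >> "$OUTFILE" 2>&1
  # Newer OpenSSH packages Include /etc/ssh/sshd_config.d/*, and those
  # drop-ins can take precedence over the main file, so capture them.
  for f in /etc/ssh/sshd_config.d/*
  do
    [ -f "$f" ] || continue
    echo >> "$OUTFILE"
    echo "***** Contents of file $f: *****" >> "$OUTFILE"
    egrep -v "\#|^$" "$f" >> "$OUTFILE" 2>&1
  done
  # sshd -T prints the effective configuration, including defaults
  # that are not spelled out in any file.
  if command -v sshd >/dev/null 2>&1
  then
    echo >> "$OUTFILE"
    echo "*** Output of the command: sshd -T" >> "$OUTFILE"
    sshd -T >> "$OUTFILE" 2>&1
  fi
else
  echo ">>> /etc/ssh/sshd_config not found!" >> "$OUTFILE"
fi
#####################################################################
# 14_PAMAuth.txt creation
#####################################################################
datastore "14_PAMAuth_8.1.5-8.2.txt"
echo
echo "Getting PAM auth configuration..."
# Labels now name the filter that actually runs rather than "cat".
for pamFile in /etc/pam.d/common-auth /etc/pam.d/common-password
do
  echo "*** Output of the command: egrep -v '\#|^$' $pamFile" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  if [ -f "$pamFile" ]
  then
    egrep -v "\#|^$" "$pamFile" >> "$OUTFILE" 2>&1
  else
    echo ">>> $pamFile not found." >> "$OUTFILE"
  fi
done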
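#####################################################################
#15_PasswordSettings.txt creation
#####################################################################
datastore "15_PasswordSettings_8.1.5-8.2.txt"
echo
echo "Getting password settings for enabled users..."
# Walk /etc/shadow directly: an account counts as enabled unless its
# password field starts with '!' (locked) or '*' (no password set).
# The old egrep pattern escaped its '|' and so was a literal string
# that matched nothing, and the xargs/bash -c stage required bash
# (which the header says may be absent) and re-parsed each username as
# shell text.
echo "*** Output of the command: for each /etc/shadow entry whose password field does not start with ! or *: echo ***user*** && chage -l user" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
while IFS=: read -r user pw rest
do
  [ -n "$user" ] || continue
  case "$pw" in
    \!*|\**) continue ;;
  esac
  printf '***%s***\n' "$user" >> "$OUTFILE"
  chage -l "$user" >> "$OUTFILE" 2>&1
done < /etc/shadow
#####################################################################
# 16_ConsoleTimeout.txt creation
#####################################################################
datastore "16_ConsoleTimeout_8.1.8.txt"
echo
echo "Getting console timeout (TMOUT)..."
if [ -n "$TMOUT" ]
then
  echo "*** Output of the command: echo Timeout value set to $TMOUT" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  echo "Timeout value set to: $TMOUT" >> "$OUTFILE"
else
  echo "*** TMOUT environment variable not set; no console timeout!***" >> "$OUTFILE"
fi
# $TMOUT only reflects what /etc/profile (sourced at the top) exported
# into this shell; also show where TMOUT is defined in the usual login
# files so the reviewer can confirm it applies to interactive users.
echo >> "$OUTFILE"
echo "*** Output of the command: grep -n TMOUT /etc/profile /etc/profile.d/* /etc/bash.bashrc" >> "$OUTFILE"
grep -n TMOUT /etc/profile /etc/profile.d/* /etc/bash.bashrc >> "$OUTFILE" 2>/dev/null
# grep exits 1 only when nothing matched anywhere.
if [ "$?" -eq 1 ]
then
  echo ">>> TMOUT is not defined in /etc/profile, /etc/profile.d or /etc/bash.bashrc" >> "$OUTFILE"
fi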
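#####################################################################
# 17_TimeSettings.txt and 17_TimePeerStatus.txt creation
#####################################################################
datastore "17_TimeSettings_10.4.txt"
echo
echo "Getting time settings..."
if [ -e "/etc/ntp.conf" ]
then
  echo "*** Output of the command: egrep -v '\#|^$' /etc/ntp.conf" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" /etc/ntp.conf >> "$OUTFILE" 2>&1
  echo "Getting time sync peer status..."
  datastore "17_TimePeerStatus.txt"
  echo "*** Output of the command: ntpq -p localhost" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  echo "NOTE: This may appear to hang if something is wrong with the time sync on this server."
  echo "Theoretically it should timeout eventually."
  ntpq -p localhost >> "$OUTFILE" 2>&1
  echo "If there is an 'connection refused' message above, it probably means ntpd isn't started; how is time synced, then?" >> "$OUTFILE"
  # The Debian/Ubuntu service is named "ntp"; the old code announced
  # 'service ntp status' but ran 'service ntpd status'.
  echo "Let's check ntpd service status by running 'service ntp status' just for fun." >> "$OUTFILE"
  service ntp status >> "$OUTFILE" 2>&1
elif [ -e "/etc/chrony/chrony.conf" ]
then
  # chrony is the default NTP client on current Debian/Ubuntu releases.
  echo "*** Output of the command: egrep -v '\#|^$' /etc/chrony/chrony.conf" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" /etc/chrony/chrony.conf >> "$OUTFILE" 2>&1
  echo "Getting time sync peer status..."
  datastore "17_TimePeerStatus.txt"
  echo "*** Output of the command: chronyc sources" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  chronyc sources >> "$OUTFILE" 2>&1
elif [ -e "/etc/cron.daily/ntpdate" ]
then
  echo "*** Output of the command: egrep -v '\#|^$' /etc/cron.daily/ntpdate" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" /etc/cron.daily/ntpdate >> "$OUTFILE" 2>&1
  echo "Getting time sync peer status..."
  # Create the peer-status file through datastore: this branch used to
  # only reassign OUTFILE and then fail its own "does the file exist"
  # check, so every ntpdate host exited here with "Failed to create".
  datastore "17_TimePeerStatus.txt"
  echo "*** Output of the command: /etc/cron.daily/ntpdate" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  echo "NOTE: This may appear to hang if something is wrong with the time sync on this server."
  echo "Theoretically it should timeout eventually."
  /etc/cron.daily/ntpdate >> "$OUTFILE" 2>&1
else
  echo ">>>> No known time sync mechanism found!" >> "$OUTFILE"
  datastore "17_TimePeerStatus.txt"
  echo ">>>> No known time sync mechanism found!" >> "$OUTFILE"
fi
# On systemd hosts timedatectl summarises whichever sync mechanism is
# active (including systemd-timesyncd, which has no peer listing above).
if command -v timedatectl >/dev/null 2>&1
then
  echo >> "$OUTFILE"
  echo "*** Output of the command: timedatectl status" >> "$OUTFILE"
  timedatectl status >> "$OUTFILE" 2>&1
fi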
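#####################################################################
# 18_SyslogSettings.txt creation
#####################################################################
datastore "18_SyslogSettings_10.1-10.2.txt"
echo
echo "Getting syslog settings..."
echo "*** Output of the command: egrep -v '\#|^$' /etc/rsyslog.conf (and on any /etc/rsyslog.d/ files)" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /etc/rsyslog.conf ]
then
  egrep -v "\#|^$" /etc/rsyslog.conf >> "$OUTFILE" 2>&1
else
  echo ">>> /etc/rsyslog.conf not found (rsyslog not installed?)." >> "$OUTFILE"
fi
for f in /etc/rsyslog.d/*
do
  # Skip the unmatched-glob literal when the directory is empty/absent.
  [ -f "$f" ] || continue
  echo >> "$OUTFILE"
  echo "***** Contents of file $f: *****" >> "$OUTFILE"
  egrep -v "\#|^$" "$f" >> "$OUTFILE" 2>&1
done
# On systemd hosts the journal may be the only log store, so its
# retention and forwarding settings are part of the logging evidence.
if [ -f /etc/systemd/journald.conf ]
then
  echo >> "$OUTFILE"
  echo "*** Output of the command: egrep -v '\#|^$' /etc/systemd/journald.conf" >> "$OUTFILE"
  egrep -v "\#|^$" /etc/systemd/journald.conf >> "$OUTFILE" 2>&1
fi
#####################################################################
# 19_Profile.txt creation
#####################################################################
datastore "19_Profile.txt"
echo
echo "Getting /etc/profile (to look for root command logging)..."
echo "*** Output of the command: egrep -v '\#|^$' /etc/profile" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
egrep -v "\#|^$" /etc/profile >> "$OUTFILE" 2>&1
#####################################################################
# 20_SecureTTY.txt creation
#####################################################################
datastore "20_SecureTTY.txt"
echo
echo "Getting /etc/securetty (to look for where root can log in)..."
echo "*** Output of the command: egrep -v '\#|^$' /etc/securetty" >> "$OUTFILE"
echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
if [ -f /etc/securetty ]
then
  egrep -v "\#|^$" /etc/securetty >> "$OUTFILE" 2>&1
else
  # Newer releases may ship without /etc/securetty (pam_securetty not
  # in use); its absence is itself the finding to record, rather than
  # an egrep error on the console.
  echo ">>> /etc/securetty not found." >> "$OUTFILE"
fi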
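#####################################################################
# 21_Grub.txt creation
#####################################################################
datastore "21_Grub_8.2.1.txt"
echo
echo "Getting bootloader settings (to ensure it is password protected)..."
#For Grub v1:
if [ -e /etc/grub.conf ]
then
  echo "*** Output of the command: egrep -v '\#|^$' /etc/grub.conf" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" /etc/grub.conf >> "$OUTFILE" 2>&1
#For Grub v2:
elif [ -e /boot/grub/grub.cfg ]
then
  echo "*** Output of the command: egrep -v '\#|^$' /boot/grub/grub.cfg" >> "$OUTFILE"
  echo "*** Ran on $CURHOSTNAME on $(date -R) ***" >> "$OUTFILE"
  egrep -v "\#|^$" /boot/grub/grub.cfg >> "$OUTFILE" 2>&1
else
  # Previously the file was left completely empty here, which reads
  # the same as "no bootloader password"; record what was not found.
  echo ">>> Neither /etc/grub.conf nor /boot/grub/grub.cfg found; no GRUB configuration collected." >> "$OUTFILE"
fi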
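#####################################################################
# Prepare and Clean up
#####################################################################
echo
ZIPFILENAME="$(hostname)-$(date '+%b-%d-%Y_%H-%M').zip"
ZIPPATH="$HOME/$ZIPFILENAME"
echo "Zipping output folder to $ZIPPATH"
# Only delete the collected files once the archive has actually been
# written: the old code ran rm -rf unconditionally, so a missing zip
# binary or a failed zip silently lost the whole collection.
if command -v zip >/dev/null 2>&1 && zip -rqj "$ZIPPATH" "$OUTFOLDER"
then
  # The archive holds /etc/shadow hashes and sudoers content; keep it
  # root-only regardless of the umask in effect.
  chmod 600 "$ZIPPATH"
  echo
  echo "Deleting temporary folder $OUTFOLDER..."
  # ${OUTFOLDER:?} aborts instead of expanding to "rm -rf /" if the
  # variable is somehow empty.
  /bin/rm -rf -- "${OUTFOLDER:?}"
  echo
  echo "Done."
else
  echo "ERROR: could not create $ZIPPATH; collected files left in $OUTFOLDER." >&2
  exit 1
fi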